Monday, 24/11/2025 01:03 UTCdrive letters don't matter

tldr: set unwanted disks to offline. if you want to protect another partition on your OS drive, too bad.

So I’ve just learnt something fun which makes me question the separation of Windows installs on my PC. Windows doesn’t need drive letters to access filesystems. I assumed if you don’t set a mount point (drive letter or folder path) then a filesystem was inaccessible, but it turns out that’s not the case.

Sunday, 16/07/2023 14:28 UTCbulk updating usage location in azuread

Country codes are ISO 3166

Monday, 26/06/2023 19:00 UTCmanaging firefox with intune

Import ADMX Files

You’ll need to download the latest policy_templates ZIP file from the release assets on this page. Extract these, then you need to upload them to Intune.

You’ll need to go to Devices > Windows > Configuration Profiles and then choose Import ADMX from the top.

From this page, choose Import. Intune will ask for an ADMX file and an ADML file. First, upload windows\mozilla.admx and windows\en-US\mozilla.adml from the extracted policies ZIP file.

Sunday, 18/06/2023 14:49 UTCdeploying bginfo with intune

This is purely robbed from this Reddit post with me un-fucking the formatting so it works.

The basic instructions are to:

1. Get BGInfo from Sysinternals
2. Run BGInfo, create your template, and save it as bginfo.bgi
3. Get IntuneWinAppUtil.exe from this GitHub repo
4. Package the scripts, template, and BGInfo
5. Add the package to Intune, and deploy it

Creating the .intunewin package

You’ll need an install/uninstall script, which are shown here. Dump these in a folder as install.ps1 and uninstall.ps1 along with your bginfo.bgi templace and BGInfo64.exe. Since this is for labbing, I won’t bother with signing or any of that stuff.

Saturday, 20/05/2023 10:00 UTCpcie passthrough on fedora 38

This is a lot simpler these days with modern-ish cards and a modern-ish OS because nVidia’s lifted their wanky restrictions in their drivers. Unfortunately they haven’t backported this change for cards from the Windows XP era which kind of sucks but fair enough, it is proper ancient.

For a single GPU passed through to one Windows XP virtual machine, I just had to add a “PCI Host Device” in virt-manager.. typically two actually, one for the GPU function 0, and one for the GPU’s HDMI audio function 1. Once that’s done, change the Video model to none and edit the VM’s XML to look like the following.

Friday, 12/05/2023 23:12 UTCredneck windows unattend.xml

So I wanted a base VHD boot image for my laptop so I can quickly create a new Windows installation without having to go through the tedium of running a bunch of WIM commands. The basic idea was to create one base image setup with drivers and updates, then Sysprep that image, and then I can create a new differencing VHD backed by that base image.

The only downside was that the Windows Out-of-box-“experience” (OOBE) slowed the whole process down by asking asinine questions about privacy and stuff. I know! I’ll automate it.

Friday, 12/05/2023 21:45 UTCdhcp option 121 classless static route values

Option 121, while incredibly usefull, sure is a fucking pig to use. The option tends to be specified using hexadecimal values of shortened IPv4 network addresses prepended with the CIDR notiation of the mask also in hex. This leads to something like option 121 hex 180a.0100.0a00.1efe in Cisco-ish. Wtf does that mean??

What is O-121

For those who don’t know, DHCP O-121 is another way to provide routes to clients other than setting the default-gateway option. The main difference is that O-121 lets you send multiple CIDR routes allowing an automatic routing table like below. This can make routing to other local networks far more efficient than just routing the traffic through the default gateway, especially for networks like mine where the DGW is a piece of shit 1841 with 100Mbps NICs and my server has 4-8Gb of bandwidth to the LAN depending on what I’m doing with it at the time. The obvious answer would be to use a L3 switch but I don’t have one and DHCP options are free.

Sunday, 09/04/2023 17:41 UTClsi2008 sas controller on el9

Problem

I’ve neglected my home server for a while now so I figured I’d upgrade it with some new boot SSDs and a case that isn’t hot-boxing my hard-drives. New boot drives, new OS; I decided to go with Rocky Linux 9.1 since CentOS has been fucked around with.

Part of this upgrade meant moving my existing HDDs off of the integrated SATA controller onto their own dedicated SAS controller with nice clean breakout cables. I decided to test out my setup on a spare PC before messing with anything important and discovered that RedHat in their infinite wisdom have “depreciated” all models of the LSI2008 from EL. It still works fine on Fedora 38 and Windows out of the box, if that makes any sense at all?!

Sunday, 22/05/2016 04:13 UTCaria2 web on el7

Aria2 is a CLI download manager that can download files over several different protocols. I’ve been meaning to set something like this up for ages, as it’s better to download files on my server than to leave another machine turned on.

Install Aria2 and Apache’s httpd

The following commands enable the EPEL repo, install aria2 and httpd, and adds a firewall rule to allow HTTP traffic from the public zone. If you’ve set up different zones (like I have), use the zone that you want to allow access from.

Sunday, 15/05/2016 19:20 UTCwhat's the deal with pings?

Throughout the years I’ve been told to turn off ICMP Echo Request (ICMP Type 8) and ICMP Echo Reply (ICMP Type 0), commonly referred to as “Ping”. Some of these people have been people who should know about this kind of thing like people who work in Network Administration. Their reason: “security”. I say: “bollocks”.

Using the old “security” excuse is bad enough, because as soon as you mention security to someone who doesn’t actively keep up to date with current and past attacks they tend to assume you do. This flaw should usually be circumvented by referencing actual attack techniques that exploit the conditions you want to change, but at no point throughout the years has this been done by anyone whose told me to turn off ICMP Echo. Because of this, I decided to research why someone should turn off the ICMP type, and to be honest I was underwhelmed by the reasons.